HPE Community
Operating System - HP-UX
1833764 Members
2644 Online
110063 Solutions
New Discussion

Locked accounts in /etc/passwd

 
Joe Profaizer
Super Advisor

‎01-10-2007 10:14 AM

‎01-10-2007 10:14 AM

Locked accounts in /etc/passwd

Is there a way to grep the /etc/passwd file to find out if there are locked accounts? The only way I know of is to go through SAM one by one to see if accounts are locked out.

Any ideas on expediting this would be appreciated.

Thanks,

..Joe
0 Kudos
Reply
7 REPLIES 7
Geoff Wild
Honored Contributor

‎01-10-2007 10:22 AM

‎01-10-2007 10:22 AM

Re: Locked accounts in /etc/passwd

/usr/lbin/getprpw userid
can tell you if user is locked.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Rick Garland
Honored Contributor

‎01-10-2007 10:22 AM

‎01-10-2007 10:22 AM

Re: Locked accounts in /etc/passwd

If the system is trusted, view this post. Talks about use of the 'getprpw' command to get the info you seek.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1050217


0 Kudos
Reply
Geoff Wild
Honored Contributor

‎01-10-2007 10:27 AM

‎01-10-2007 10:27 AM

Re: Locked accounts in /etc/passwd

Course - if it isn't trusted, the encrypted password will be an asterick: *

grep -e "*:" /etc/passwd


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Sp4admin
Trusted Contributor

‎01-10-2007 10:54 AM

‎01-10-2007 10:54 AM

Re: Locked accounts in /etc/passwd

Hi Joe,

You can check on accounts at the command line useing the getprpw command. when you do a getprpw and numbers come back that are 1 then the account is locked. if it comes back wirh all 0's then the account is not locked.

#getprpw -r -m lockout username

#modprpw -k username

sp,
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎01-10-2007 11:38 AM

‎01-10-2007 11:38 AM

Re: Locked accounts in /etc/passwd

Actually to be precise, if the system is untrusted the locked accounts are those which do not have a 13 character value in the passwd hash field. By convention, it is a '*' which is an impossible hash but I have used other non-13 character strings to designate why an account is locked.
If it ain't broke, I can fix that.
0 Kudos
Reply
Raj D.
Honored Contributor

‎01-10-2007 02:37 PM

‎01-10-2007 02:37 PM

Re: Locked accounts in /etc/passwd

Joe,

# cd /usr/lbin/
# ./getprpw username
And check for the lockout value, 1 is locked.

you can release the locked account by :
# modprpw -k username

Remember this is for trusted systems. Non trusted systems you can use SAM and Reactivate the user.

cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Asif Sharif
Honored Contributor

‎01-10-2007 03:45 PM

‎01-10-2007 03:45 PM

Re: Locked accounts in /etc/passwd

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1062988&admit=-682735245+1168490602245+28353475
Regards,
Asif Sharif
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.